Workplace Privacy – Employer Law Reporthttps://www.employerlawreport.com
Helping employers avoid the storm of legal issues in the workplaceFri, 18 Jan 2019 16:20:07 +0000en-UShourly1https://wordpress.org/?v=4.9.9Sixth Circuit finds insurance coverage for phishing losseshttps://www.employerlawreport.com/2018/07/articles/workplace-privacy/sixth-circuit-finds-insurance-coverage-for-phishing-losses/
Mon, 30 Jul 2018 17:35:55 +0000https://www.employerlawreport.com/?p=6269The risk of loss due to some form of cyberattack should prompt employers to consider insuring against those losses. But, not all cyberinsurance policies are created equal. That point is made abundantly clear in the recent 6th Circuit case, American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of America.

The plaintiff, American Tooling Center, Inc. (ATC) is a Michigan-based manufacturer that subcontracts some of its manufacturing work to a Chinese vendor. During a time period that it had business insurance coverage through Travelers, ATC received a series of emails from an impostor pretending to be its Chinese …

The plaintiff, American Tooling Center, Inc. (ATC) is a Michigan-based manufacturer that subcontracts some of its manufacturing work to a Chinese vendor. During a time period that it had business insurance coverage through Travelers, ATC received a series of emails from an impostor pretending to be its Chinese vendor. These emails advised ATC that the vendor had changed its bank accounts and that ATC should wire transfer its payments to these new accounts. After ATC had transferred approximately $834,000 to these fraudulent accounts, it learned that it had been duped. ATC then made a claim on its Travelers business insurance policy. Travelers denied the claim and litigation followed.

The Travelers policy at issue stated as follows:

Computer crime

Computer fraud
The Company will pay the insured for the Insured’s direct loss of, or direct loss from damage to, money, securities and other property directly caused by computer fraud.

Each of the bold terms were defined terms under the policy. Travelers contended that the policy did not cover ATC’s losses because (1) ATC did not suffer a “direct loss;” (2) this was not a case of “Computer Fraud;” and (3) the loss was not “directly caused by Computer Fraud.”

The court rejected each of these contentions. First, the court considered competing definitions of the word “direct” under Michigan law and concluded that regardless of the definition, ATC’s loss was direct because it “immediately lost its money when it transferred the approximately $834,000 to the impersonator, there was no intervening event.” Second, the court rejected Travelers’s contention that the definition of “Computer Fraud” under the policy was limited to “hacking and similar behaviors in which a nefarious party somehow gains access to and/or controls the insured’s computer.” Instead, the policy definition of “computer fraud” was:

Computer fraud means:
The use of any computer to fraudulently cause a transfer of money, securities or other property from inside the premises or financial institution premises:

To a person (other than a messenger) outside the premises or financial institution premises

To a place outside the premises or financial institution premises

As the court noted, the policy definition does not require, as Travelers argued, that the fraud “cause any computer to do anything.”

Finally, the court had little trouble, based on the chain of events, in finding that the “computer fraud” was the “direct cause” of ATC’s “direct loss.”

Takeaways

When shopping for insurance to cover potential losses due to cyber activity, businesses will need to make sure that they understand exactly what the policy terms mean and what events will trigger coverage under the policy and which will not. In addition, it is important to know what the policy will pay once a triggering event occurs. For instance, will it pay for regulatory fines, the cost of sending data breach notices, the cost of identity theft services for customers, or business interruption? You don’t want to have to go through years of litigation to find out. Using an insurance broker will help businesses sort through the best policies for their specific needs.

]]>NLRB panel majority upholds employer right to justify “no recording” policy; denies general counsel summary judgment motionhttps://www.employerlawreport.com/2017/05/articles/workplace-privacy/nlrb-panel-majority-upholds-employer-right-to-justify-no-recording-policy-denies-general-counsel-summary-judgment-motion/
Tue, 16 May 2017 15:33:11 +0000http://www.employerlawreport.com/?p=6028In a follow up to its Whole Foods Market, Inc. decision, which found unlawful an employer policy prohibiting workplace recordings by employees without prior management approval, an NLRB panel majority in Mercedes Benz U.S. International, Inc. denied the General Counsel’s motion for summary judgment on a similar “no recording” policy. According to the majority, Mercedes was entitled to a hearing, which would provide an opportunity to present evidence regarding its business justifications for the policy, and about whether the policy was communicated or applied in a manner that clearly conveyed an intent to permit protected activity.

In a follow up to its Whole Foods Market, Inc. decision, which found unlawful an employer policy prohibiting workplace recordings by employees without prior management approval, an NLRB panel majority in Mercedes Benz U.S. International, Inc. denied the General Counsel’s motion for summary judgment on a similar “no recording” policy. According to the majority, Mercedes was entitled to a hearing, which would provide an opportunity to present evidence regarding its business justifications for the policy, and about whether the policy was communicated or applied in a manner that clearly conveyed an intent to permit protected activity.

Member Pearce dissented, arguing that the employer’s policy which prohibited the use of cameras and video recording devices in the plant without prior authorization, was facially overbroad and did not provide any exceptions for protected concerted activity. As such, according to Member Pearce, the policy tends to impermissibly chill employee expression and therefore was unlawful regardless of the employer’s intent in adopting and implementing the policy and regardless of whether employees actually interpreted the policy as restricting their Section 7 rights.

It is positions like this one from Member Pearce that dominated the Obama Board when it had its full complement of members and have employers anxiously awaiting Senate confirmation of Marvin Kaplan and William Emanuel, who are expected to be nominated by President Trump to fill the two current Board vacancies. The Mercedes Benz decision is refreshing in that it suggests a possible loosening of the current standard for evaluating the lawfulness of employer handbook policies. At present, the standard is whether “employees would reasonably construe the [policy] language to prohibit Section 7 activity.” Too often in recent years, this standard, in practice, has really looked more like whether there is any conceivable possibility that employees would construe the language to prohibit Section 7 activity. Hopefully, once a Republican majority Board is in place, we will start to see a relaxing of the Board’s standard for reviewing employer policies.

]]>Ohio Appellate Court dismisses privacy breach lawsuit against employerhttps://www.employerlawreport.com/2017/05/articles/workplace-privacy/ohio-appellate-court-dismisses-privacy-breach-lawsuit-against-employer/
Thu, 11 May 2017 14:30:23 +0000http://www.employerlawreport.com/?p=6023A recently published decision of an Ohio Court of Appeals reminds us that, particularly in this electronic age, employers need to be very careful in the handling of confidential medical information. The decision is also a reminder that sometimes the outcome of a case can depend on the precedent in a particular appellate district.

In Templeton v. Fred. W. Albrecht Grocery Co. the 9th District Court of Appeals (for Summit County, Ohio) the employee responsible for managing workers’ compensation claims for the employer inadvertently sent a psychological report regarding the plaintiff to other employees rather than to the plaintiff’s …

A recently published decision of an Ohio Court of Appeals reminds us that, particularly in this electronic age, employers need to be very careful in the handling of confidential medical information. The decision is also a reminder that sometimes the outcome of a case can depend on the precedent in a particular appellate district.

In Templeton v. Fred. W. Albrecht Grocery Co. the 9th District Court of Appeals (for Summit County, Ohio) the employee responsible for managing workers’ compensation claims for the employer inadvertently sent a psychological report regarding the plaintiff to other employees rather than to the plaintiff’s attorney as she intended. The plaintiff brought suit alleging unauthorized disclosure, negligence and invasion of privacy. In response, the employer filed a motion to dismiss the claims as a matter of law.

The trial court dismissed the unauthorized disclosure and negligence claims at the outset and then, ultimately granted summary judgment as to the invasion of privacy claim. The plaintiff then appealed.

In affirming dismissal of all of the claims, the court first addressed the claim for invasion of privacy, which was essentially based on a claim for public disclosure of private facts (among other types of invasion of privacy claims). To establish such a claim, the court held that a plaintiff must prove:

“(1) that there has been a public disclosure; (2) that the disclosure was of facts concerning the private life of an individual; (3) that the matter disclosed would be highly offensive and objectionable to a reasonable person of ordinary sensibilities; (4) that the disclosure was intentional; and (5) that the matter publicized is not of legitimate concern to the public.”

Plaintiff argued that the court should follow a decision of the First (Hamilton County) District Court of Appeals in not requiring that the disclosure be intentional, but the court held that it was bound by its own precedent. Further, it noted a number of decisions from other Ohio Courts of Appeals that require intentionality as an element of the claim. Accordingly, the court held that because the misdirection of the e-mail was inadvertent, there was no actionable claim for invasion of privacy.

The court then addressed plaintiff’s claim for unauthorized disclosure and breach of medical confidence, arguably based upon the Ohio Supreme Court’s decision in Biddle v. Warren General Hospital. In that case the Ohio Supreme Court recognized that a physician or hospital can be liable for the tort of unauthorized, unprivileged disclosure of medical information to a third party when the medical information is gained in the course of the physician-patient relationship. Later, the Ohio Supreme Court extended that principle in a situation where an attorney who had legitimately received medical information during the course of litigation improperly disclosed that information outside the context of the case. In addressing these cases, the Court of Appeals concluded that the Biddle decision arose and should be applied only in the physician-patient relationship and declined to extend that holding to impose liability upon employers. Thus, dismissal of that claim was affirmed as well.

Two judges joined in the majority opinion. The third judge dissented, asserting that intentionality should not be a requirement for an invasion of privacy tort and that it was time to extend the Biddle holding “to cover an employer’s responsibility to safeguard the confidentiality of medical records that it receives from healthcare providers,” particularly “given the proliferation of electronic medical records in the years since Biddle was decided and ever-mounting challenges to individual privacy in a digital age.”

The Bottom Line

While this decision is good for employers, it reminds us that maintaining the confidentiality of private, particularly medical, information is critical to avoiding claims such as these. Further, courts are increasingly protective of private information in this electronic age, and the law followed by this court could change. And finally, it is notable that in addressing the law applicable to a particular situation, there can be differences among the various district courts of appeals in Ohio. Had this case arisen in Cincinnati instead of Akron, the plaintiff might have had a viable claim for invasion of privacy since the Hamilton County court of appeals does not require intentionality for such a claim.

]]>Seven employment law trends to keep your eyes on for 2016https://www.employerlawreport.com/2016/01/articles/eeo/seven-employment-law-trends-to-keep-your-eyes-on-for-2016/
Wed, 20 Jan 2016 17:52:03 +0000http://www.employerlawreport.com/?p=56162016 has arrived, marking the beginning of a year of political transition. While we cannot be certain what the upcoming Presidential election holds for 2017, we can expect to see at least seven employment law trends as we move through this year.

The Department of Labor (DOL) has proposed changes to the thresholds for exempt status, which will increase the number of employees eligible for minimum wage and overtime payments. In addition, technology advances in the workplace are likely to collide with wage and hour laws with the increased …

2016 has arrived, marking the beginning of a year of political transition. While we cannot be certain what the upcoming Presidential election holds for 2017, we can expect to see at least seven employment law trends as we move through this year.

The Department of Labor (DOL) has proposed changes to the thresholds for exempt status, which will increase the number of employees eligible for minimum wage and overtime payments. In addition, technology advances in the workplace are likely to collide with wage and hour laws with the increased use of smartphones and tablet devices by non-exempt employees and the rise of the sharing economy through businesses such as Uber, AirBnB, etc. Finally, the election year likely will bring with it even more emphasis on laws forcing employers to increase the minimum wage and provide for equal pay and paid family/sick leave on a federal, state and local level.

2. Expansion of the National Labor Relations Board’s (NLRB) efforts to increase unionization

2016 will give us the first full year operating under the NLRB’s new speedy election rules, which so far have served unionization well. In addition, in its last year under the Obama administration, we should expect to see other pro-union decisions and initiatives from the NLRB, including the Board’s efforts at increasing the likelihood of joint employer findings and its onslaught against non-union employment policies.

The Equal Employment Opportunity Commission (EEOC) has been pushing an agenda to bring LGBT non-discrimination rights up to the level of other protected classes and this should continue in 2016. Expect state and local laws to begin doing the same.

4. Increased focus on employee privacy protection.

Data breaches occurring in recent years have put the spotlight not only on businesses’ protection of their customer data, but also their own employees. In addition to class action litigation being brought, with increasing success, by victims of data breaches, the Federal Trade Commission has begun enforcing its authority over unfair and deceptive trade practices to regulate in the data privacy/security space.

5. Employer reliance on wellness programs

As health care costs continue to rise, employers have turned to wellness programs to keep a lid on those costs. Here is another place where technology is creating opportunities and issues as employer wellness programs rely more on smartphone apps and wearable devices to spur on improvements in their workforce health. The EEOC also is weighing in as it relates to the incentives that can be offered to employees for participating to ensure that participation is truly voluntary.

6. Ban the Box.

Expect the Ban the Box movement, which seeks to prevent employers from asking job candidates about prior criminal convictions on their employment application, to gain additional traction throughout the year.

7. Immigration

Expect the 2016 elections to shine a light on federal immigration policy. Though the election year almost certainly won’t be conducive to any immigration legislation, it could provide whoever wins election with enough political capital to push his or her policy through Congress beginning in 2017.

Yes, in Shore Point Distribution Co., Inc., the NLRB’s General Counsel’s Office issued an Advice Memorandum yesterday (dated October 15, 2015) in which it stated that an employer did not violate Section 8(a)(5) of the National Labor Relations Act by failing to bargain with union before installing a GPS device on an employee’s truck.

In March 2015, the employer became concerned that one of its employees was taking more time than other drivers to complete the same routes. It therefore hired a private investigator to follow and videotape the driver on his routes. The employer placed a …

Yes, in Shore Point Distribution Co., Inc., the NLRB’s General Counsel’s Office issued an Advice Memorandum yesterday (dated October 15, 2015) in which it stated that an employer did not violate Section 8(a)(5) of the National Labor Relations Act by failing to bargain with union before installing a GPS device on an employee’s truck.

In March 2015, the employer became concerned that one of its employees was taking more time than other drivers to complete the same routes. It therefore hired a private investigator to follow and videotape the driver on his routes. The employer placed a GPS device on the employee’s truck to ensure that the investigator would be able to regain contact with the truck if he lost visual contact during the course of the surveillance. Over the course of his surveillance of the employee, the investigator personally observed the employee engaging in work rule violations including operating his truck in an unsafe and illegal manner, failing to follow specified delivery times, stealing time, and falsifying his daily log. Finally, after the GPS located the employee stopped in the employee’s hometown, he located the employee’s truck parked in the driveway at his home during work hours. Thereafter, the employer terminated the employee based on the investigator’s report. There is no indication that the employee was ever aware that the GPS device had been installed on his truck or that the employer had notified its employees that it might use GPS tracking for any reason in association with their employment.

Hard to see the NLRB’s General Counsel going along with this. Obviously, there are some other facts at play here.

First, the collective bargaining agreement contained work rules that prohibited drivers from “stealing time” and requiring that they adhere to Department of Transportation regulations mandating that drivers accurately account for their time on daily log records.

Second, the employer “has a practice of retaining a private investigator to follow an employee suspected of stealing time and using any results obtained through the investigator’s personal observations for disciplinary purposes.” The union was aware of this practice and “has no objection to it.”

Based on these facts, the General Counsel easily concluded that an employer’s use of GPS was a mandatory subject of bargaining, but, analogizing to cases in which the Board permitted employers using video cameras to uncover workers’ compensation fraud and substituting time clocks for manual notations to record work time, additionally concluded that the use of GPS devices to assist in tracking employee location did not constitute a “material, substantial, and significant” change in employees’ terms and conditions of employment. Therefore, the General Counsel concluded that the employer was free to unilaterally make this change.

Critical to the General Counsel’s analysis in this case was his finding that the employer already had an established practice of following employees it suspected of stealing time and that the GPS merely was a more technological way of enforcing that established policy. In addition, the General Counsel noted that there was no evidence that any of the information obtained from the GPS was used in disciplining the employee that was independent of the investigator’s personal observations.

Takeaways for employers

Whether it relates to workforce productivity or investigating misconduct, many employers have substantial legitimate reasons for using GPS devices to monitor their employees’ location. Generally speaking, despite the Shore Point NLRB Advice Memorandum which seems to rest on rather unique facts, employers should not unilaterally initiate a practice of installing GPS devices on its employees’ work vehicles without first bargaining with any existing union or, in a non-unionized setting, providing advance notice to employees of the practice. In addition, employers that do use GPS tracking devices should ensure that appropriate steps are taken to ensure that those devices are used only in a manner that is consistent with the employer’s legitimate needs and protects the employees’ expectation of privacy away from work.

]]>The use of criminal background checks to make employment decisions is not without perilhttps://www.employerlawreport.com/2015/10/articles/eeo/the-use-of-criminal-background-checks-to-make-employment-decisions-is-not-without-peril/
Wed, 14 Oct 2015 14:09:38 +0000http://www.employerlawreport.com/?p=5582One of the first cases filed by the U.S. Equal Employment Opportunity Commission (EEOC) following its 2012 updated guidance on the use of arrest and conviction records in employment decisions has been resolved. Last month, a federal court in South Carolina approved a settlement in which BMW Manufacturing Co., LLC (BMW) agreed to pay $1.6 million and offer jobs to aggrieved African-American former employees and applicants. BMW had already voluntarily changed its criminal conviction policy.

The EEOC filed suit against BMW in 2013 claiming that BMW’s criminal conviction policy was not job related and consistent with business necessity and disproportionately …

One of the first cases filed by the U.S. Equal Employment Opportunity Commission (EEOC) following its 2012 updated guidance on the use of arrest and conviction records in employment decisions has been resolved. Last month, a federal court in South Carolina approved a settlement in which BMW Manufacturing Co., LLC (BMW) agreed to pay $1.6 million and offer jobs to aggrieved African-American former employees and applicants. BMW had already voluntarily changed its criminal conviction policy.

The EEOC filed suit against BMW in 2013 claiming that BMW’s criminal conviction policy was not job related and consistent with business necessity and disproportionately screened out African Americans from employment. BMW used a contractor to provide logistics services at its facility in South Carolina. The workers who provided services to BMW were subject to criminal background checks consistent with the contractor’s policy, which reviewed only convictions from the prior seven years. When BMW switched contractors, the workers were told that they would need to re-apply for employment with the new contractor, and BMW instructed the new contractor to perform criminal background checks on all workers under BMW’s policy. BMW’s criminal convictions policy had no time limitation, excluding from employment all applicants with convictions in certain categories of crimes without regard to whether the conviction was a misdemeanor or felony, the age of the conviction, or the nature or gravity of the individual crime. One hundred incumbent workers, eighty percent of whom were African American, did not pass BMW’s inflexible criminal background check, including many who had worked for BMW for a number of years. All of these workers were denied employment with the new contractor.

The EEOC argued that, because BMW’s criminal conviction policy disproportionately disqualified African Americans from employment, BMW should have evaluated whether the policy was job related and consistent with business necessity. According to the EEOC, BMW did not do so, and, as evidenced by the fact that many of those impacted by the policy had been working for BMW for years, the policy was not job related and consistent with business necessity. The policy, according to the EEOC, therefore had a discriminatory adverse impact on African Americans and was illegal.

This substantial settlement is a reminder to employers that using criminal background checks to screen applicants or to otherwise inform employment decisions remains a particularly risky proposition despite the Fourth Circuit’s decision earlier this year in EEOC v. Freeman. In Freeman, the Fourth Circuit upheld summary judgment in favor of the employer in a case brought by the EEOC challenging its criminal background screening policy. The court excoriated the EEOC for numerous deficiencies in its expert’s opinion regarding the adverse impact of the policy on minorities. That said, however, the Freeman court never actually reached the issue of whether the employer’s background screening policy was lawful. Accordingly, employers should still carefully review their background screening policies to ensure that their requirements are job related and consistent with business necessity. To the extent that the use of criminal background checks results in a disproportionate disqualification of minority applicants, employers must be prepared to demonstrate the existence of a legitimate business reason that justifies the policy.

]]>Employer’s DNA test of employees in defecation investigation results in $2 million verdict for violating GINA while real “Poopetrator” remains on the loosehttps://www.employerlawreport.com/2015/07/articles/employment-outtakes/employers-dna-test-of-employees-in-defecation-investigation-results-in-2-million-verdict-for-violating-gina-while-real-poopetrator-remains-on-the-loose/
Mon, 06 Jul 2015 18:40:00 +0000http://www.employerlawreport.com/?p=5490We would like to thank Adam Bennett, one of Porter Wright’s summer law clerks, for his significant contributions to this blog post.

If a recent federal court case is any sign of the times, employers should think twice before engaging in their own forensic crime scene style investigations of employee questionable behavior—even if the employee is suspected of repeatedly defecating in public areas of the workplace. Employers sometimes forget that the Genetic Information Nondiscrimination Act (GINA) prohibits requesting employee genetic information. Any improper request for employee genetic information is likely to lead to legal woes and a lot of dollars …

We would like to thank Adam Bennett, one of Porter Wright’s summer law clerks, for his significant contributions to this blog post.

If a recent federal court case is any sign of the times, employers should think twice before engaging in their own forensic crime scene style investigations of employee questionable behavior—even if the employee is suspected of repeatedly defecating in public areas of the workplace. Employers sometimes forget that the Genetic Information Nondiscrimination Act (GINA) prohibits requesting employee genetic information. Any improper request for employee genetic information is likely to lead to legal woes and a lot of dollars flushed down the drain.

A federal court jury recently granted two former employees of Atlas Logistics Group Retail Services LLC a $2.23 million award. Lowe v. Atlas Group Retail Servs. Atlanta, LLC, No. 1:13-CV-2425-AT (decision denying summary judgment to employer here). Atlas was determined to track down a serial defecator with a penchant for seeking relief in the open areas of a company warehouse. Its loss prevention manager compared employee work schedules to the timing and location of the defecation episodes in order to create a list of employees who may have been responsible. After creating a list of suspects, Atlas requested cheek swabs from the mouths of the two employees to run DNA analysis. Atlas hoped to link the DNA samples to the “evidence” of the wrongdoing. The two employees complied but sued under GINA after they were found innocent. (Apparently the culprit remains on the loose.)

Except in extremely limited circumstances set forth in EEOC regulations, GINA makes it unlawful for an employer to request, require, or purchase an employee’s genetic information. Based on the statutory language, Atlas violated GINA when it asked the employees for a cheek swab. The violation occurred even though the former employees voluntarily complied with the request. The employees’ case survived summary judgment and went to trial where they prevailed.

While the facts of this case might be humorous and sensational, GINA is no laughing matter. In 2013, Fabricut Inc. was forced to pay out $50,000 to an applicant when the applicant filed suit based on a pre-employment medical examination and questionnaire. The questionnaire requested information about the applicant’s medical history, including questions about the existence of cancer, tuberculosis, diabetes, and mental disorders in her family. While the medical examination might have been justifiable, the questionnaire violated GINA. More recently, Founders Pavilion, a nursing and rehabilitation center, settled a discrimination lawsuit with the EEOC for $370,000 because it too requested applicant medical history as part of its pre-employment medical examination process. The Fabricut and Founders Pavilion cases represent more typical GINA cases and the type of wrongdoing GINA set out to prohibit.

Employers that request genetic information of applicants and employees must be aware that these requests will come at a high price.

]]>Big data in the workplacehttps://www.employerlawreport.com/2015/04/articles/workforce-strategies/big-data-in-the-workplace/
Tue, 14 Apr 2015 13:00:01 +0000http://www.employerlawreport.com/?p=5377I’m looking forward to joining my colleagues Dennis Hirsch and Jay Levine for a roundtable discussion of “Big data, data analytics and the law: What your company needs to know about the next big thing” on May 13. Here is a glimpse into what I plan to talk about from the employment lawyer’s perspective:

Even if we don’t know exactly how big data works, we know what it can do for us in our daily lives. Movie suggestions on Netflix. Targeted coupons at the grocery store. Cheap airfare and hotel rates. Facebook suggestions of people we may know. There is …

I’m looking forward to joining my colleagues Dennis Hirsch and Jay Levine for a roundtable discussion of “Big data, data analytics and the law: What your company needs to know about the next big thing” on May 13. Here is a glimpse into what I plan to talk about from the employment lawyer’s perspective:

Even if we don’t know exactly how big data works, we know what it can do for us in our daily lives. Movie suggestions on Netflix. Targeted coupons at the grocery store. Cheap airfare and hotel rates. Facebook suggestions of people we may know. There is a certain creepiness to all of this but many (most?) of us seem willing to overlook it for the convenience and opportunities it provides.

Human resources departments now are figuring out how to use big data in the workplace. LinkedIn was one of the first businesses to recognize the value that data held for employers. At its most basic level, LinkedIn can steer its individual members to potentially attractive jobs that fit their profile and, for recruiters, it provides a rich database of candidates, including people who aren’t even looking for a new job. But there are a lot more than just recruiting opportunities. Companies like Knack now promote tests like Wasabi Waiter and Dungeon Scrawl that it claims will reveal job applicants’ talents, traits and skills to permit employers to identify the best candidate for their needs. JP Morgan Chase apparently has developed software that analyzes its own employees’ data to try to identify which ones are most likely to “go rogue,” so it has time to stop them before they do.

But with these opportunities come risks. One of the primary risks is not understanding the data being analyzed, where it comes from and how it was collected. Garbage in still equals garbage out. Employers therefore must always recognize that the data being analyzed, at best, identifies correlations and not causation — meaning that the process will be subject to challenge before the EEOC if there is a disparate impact and the test results or other data analysis can’t be validated as predicting success in the job for which the data is being used. In addition, latent biases also can corrupt the data collection and analysis processes leaving the process open to challenge as a discriminatory pattern or practice if for instance the data being analyzed tends to exclude certain protected classes of applicants or employees.

Other potential legal issues abound. Employers court ADA claims if pre-employment tests being used to screen applicants are considered to be psychological in nature and are administered before a conditional job offer is made or if persons with disabilities cannot or are not accommodated in the test taking process.

Finally, the accumulation of so much data is contrary to the primary data protection concept that you collect only the data that you need and keep it only for as long as you need it. As a result, employers contemplating using big data in their workplaces should incorporate privacy and security controls into all aspects of the data collection and analysis processes before implementation of any big data program.

]]>NLRB files complaint against postal service for not bargaining with union over effects of data breach incidenthttps://www.employerlawreport.com/2015/04/articles/labor-relations/nlrb-files-complaint-against-postal-service-for-not-bargaining-with-union-over-effects-of-data-breach-incident/
Mon, 13 Apr 2015 12:46:38 +0000http://www.employerlawreport.com/?p=5375We all pretty much know the drill at this point. Organization announces data breach, sends out notices as required under state and/or federal law to those individuals that are affected, offers some kind of identity theft protection or credit monitoring service, awaits public criticism and backlash. The NLRB and the American Postal Workers Union (“AWPU”) apparently think that there should be an additional step when the data breach involves the personal information of employees who are covered by a collective bargaining agreement – bargaining over the effects of the data breach on, and the remedy to be provided to, the …Continue Reading →]]>

We all pretty much know the drill at this point. Organization announces data breach, sends out notices as required under state and/or federal law to those individuals that are affected, offers some kind of identity theft protection or credit monitoring service, awaits public criticism and backlash. The NLRB and the American Postal Workers Union (“AWPU”) apparently think that there should be an additional step when the data breach involves the personal information of employees who are covered by a collective bargaining agreement – bargaining over the effects of the data breach on, and the remedy to be provided to, the impacted employees.

The Regional Director for Region 5 of the NLRB in Baltimore, Maryland, filed a complaint against the Postal Service on March 31st alleging that the agency violated the NLRA by not bargaining with the union regarding certain information it requested when it was first notified of the data breach. Although the complaint made available to the press by the AWPU did not include the list of information it requested from the Postal Service, it presumably includes requests for information about the breach itself, whose information and what information was compromised, and the timeline between the breach and the notification. (The NLRB website does not yet include a copy of the complaint.) In addition, the complaint alleges that the Postal Service offered impacted employees one year of free credit monitoring and fraud insurance without first bargaining with the union about these benefits.

I understand and am not surprised that the union has taken this position since bargaining could lead to additional benefits for employees that are impacted by their employer’s data breach incident and I won’t be surprised if the NLRB ultimately agrees. The union’s position also, however, likely will lead to delays in getting their members the types of remedial measures they are going to want and need while the bargaining process is ongoing. Perhaps the unions’ time would be best spent working with their employer to make sure that their members’ personal information is adequately protected in the first place. They should probably also keep in mind that unions can be victimized by data breaches as well as employers.

]]>The U.S. Securities and Exchange Commission brings its first whistleblower enforcement action based upon an allegedly overbroad employee confidentiality agreementhttps://www.employerlawreport.com/2015/04/articles/workplace-privacy/the-u-s-securities-and-exchange-commission-brings-its-first-whistleblower-enforcement-action-based-upon-an-allegedly-overbroad-employee-confidentiality-agreement/
Fri, 10 Apr 2015 14:39:33 +0000http://www.employerlawreport.com/?p=5371The U.S. Securities and Exchange Commission (SEC) has now brought its first whistleblower enforcement action against a publicly traded company under the Dodd-Frank Act of 2010 for utilizing an overly broad employee confidentiality agreement. Specifically, the SEC alleges that KBR, Inc., has violated the Act by implementing employee confidentiality agreements that “potentially discouraged” employees from becoming whistleblowers by reporting misconduct to the SEC. This is illegal under the Act, and specifically under SEC Rule 21F-17 which prohibits employers “from taking measures through confidentiality, employment, severance or other type of agreements that may silence potential whistleblowers before they can reach out …Continue Reading →]]>

The U.S. Securities and Exchange Commission (SEC) has now brought its first whistleblower enforcement action against a publicly traded company under the Dodd-Frank Act of 2010 for utilizing an overly broad employee confidentiality agreement. Specifically, the SEC alleges that KBR, Inc., has violated the Act by implementing employee confidentiality agreements that “potentially discouraged” employees from becoming whistleblowers by reporting misconduct to the SEC. This is illegal under the Act, and specifically under SEC Rule 21F-17 which prohibits employers “from taking measures through confidentiality, employment, severance or other type of agreements that may silence potential whistleblowers before they can reach out to the SEC.”

The company’s confidentiality agreement at issue made it a disciplinary offense for an employee to discuss internal investigations with outside parties, even governmental agencies, without first obtaining approval from the company’s legal department. The SEC viewed this language as possibly discouraging employees from becoming whistleblowers even though there was no evidence that KBR had ever used the agreement in that manner. The company claimed that the confidentiality agreements were used to preserve attorney-client privilege in internal investigations and claimed that “it never dawned on us” that this type of agreement might violate SEC rules. The SEC, however, took a broad interpretation and viewed the agreements as having a “chilling effect.” The company settled without admitting or denying that it violated the Act, but agreed to pay a fine and to revise its confidentiality agreements to explicitly state employees are still free to report alleged misconduct to the SEC or other federal agencies without company approval.

In a statement on the settlement, the SEC whistleblower enforcement chief advised that “[o]ther employers should similarly review and amend existing and historical agreements that in a word or effect stop their employees from reporting potential violations to the SEC.” Indeed, the SEC whistleblower enforcement chief previously admitted that he had been looking to bring an enforcement action against a company for overbroad employee confidentiality agreements in order to emphasize the issue. In fact, he indicated that “severance agreements, confidentiality agreements, and employment agreements” with overly broad confidentiality provisions were all targets, even if they do not explicitly state “you can’t report this to the SEC.”

Publicly traded companies that have confidentiality clauses in written agreements with its employees will want to revisit the agreements and determine if they must be amended due to the SEC’s broad interpretation of what constitutes a “chilling effect” in violation of SEC Rule 21F-17.